Tuesday, November 23, 2010

Great interview in the Capitol Times with the Governor's Information Technology Director Chad Kirkpatrick and Jim Ryan, GITA's chief information security officer. Some excerpts:

GITA’s function may not be in the news often, but Kirkpatrick says that’s because what would make news – Social Security numbers stolen, for example – hasn’t happened because the agency has set policies, standards and procedures to establish the tightest possible security controls for every state office to use.

Kirkpatrick says prevention is most effective when security agents think like criminals. The most-feared hackers work in cells comprised of a handful of people, and only their leader knows who is in the next cell up in the chain.

GITA has never had to shut down an agency’s system. In the past year, though, he says, there were three times when his technical staff came close — within five minutes — to having to do so.

Kirkpatrick says GITA hires a third party to try to penetrate state agency computer systems to find areas of weakness. So far, no major incidents have been reported, but what he called “one big thing” happened in the summer of 2009, when the Conficker virus threatened computers worldwide.

Kirkpatrick likened his agency, which has redesigned 94 websites belonging to state entities, to a high school hall monitor.

“We make sure people are doing what they’re supposed to do,” Kirkpatrick says.

Even so, he says, “There is a definite spike in these attacks. The growth is exponential. As you have a more technology-savvy population in the world, the ability to transfer funds, other types of cyber-crimes, the rewards of cyber-attacks grow higher, which draws more people into it.”